Have any questions? Just call us at 1.866.900.4236

May 4, 2016

No Comments

Data Breaches: Small Business Edition

2016 Data Breach Investigations Report: Small Business Owner Cybersecurity Edition

Every year, Verizon partners with various public and private sector entities to create this annual investigative report. It covers real-world data breaches and computer security incidents from the prior year. The 2016 Data Breach Investigations Report (DBIR) covers data from 2015 and this is the eighth (8th) year for this annual report.

**Disclaimer: This blog post is for informational purposes only and should not be construed as legal advice. You should always contact your legal counsel or attorney for legal advice. This list is not inclusive and is merely an informational guide.**

Read more

April 22, 2016

No Comments

Evansville Podcast Interview

Brad Garnett discusses his role as a Digital Forensic Examiner with Kemper Forensics and the difference between hacking and digital forensics. We dive into his background in law enforcement, teaching, the dangers of some USB/thumb drives, ransomware, the accuracy of Mr. Robot, and the Apple vs FBI case.

http://evansvillepodcast.com/brad-garnett-digital-forensic-examiner

Read more

March 18, 2016

No Comments

Stolen Laptop with Patient Health Information: Data Breach?

Disclaimer: Always consult with your attorney/legal counsel for legal advice.


Does a stolen laptop containing patient health information [PHI] equate to a data breach? In simplest form….yes, if unsecured. No, if encrypted (see HIPAA Final Rule outlined below).

Bloomington based Premier Healthcare, LLC. discovered a stolen laptop from one of its billing offices on January 4, 2016. On January 6th, a police report was completed by the Monroe County Sheriff’s Office. Premier Healthcare stated that the laptop was password-protected, but was not encrypted. There were emails located on the laptop’s hard drive that contained some screenshots, spreadsheets, and pdf documents that were used to address billing issues with patients, insurance companies, and other healthcare providers. Premier further stated that combinations of patient demographic information (i.e. name, date of birth, medical record number, insurance information, and/or some clinical information) for 205,748 individuals were contained in these documents. For 1,769 patients, social security numbers, and/or financial information could potentially be accessed on the laptop.

Quick Timeline

  • December 31, 2015: Date laptop believed to have been stolen from the Billing Department office
  • January 4, 2016: Premier Healthcare discovered stolen laptop
  • January 6, 2016: Police report filed with Monroe Co Sheriff’s Office
  • March 3, 2016: Premier Healthcare statement posted to website
  • March 4, 2016: Premier Healthcare notifies HHS regarding a potential data breach (HIPAA Breach Notification Rule)
  • March 7, 2016: Stolen Laptop returned via U.S. mail to Premier Healthcare and engages with forensic firm for analysis
Read more

March 8, 2016

No Comments

KeRanger: New Mac OS X Ransomware

Yes, even Apple Macs are prone to getting malware, but this new malware identified over the weekend by Palo Alto Networks requires a set of unique circumstances. First, the ransomware infected the Transmission BitTorrent client-side installer for Mac OS X on the Transmission BitTorrent website. Palo Alto has named this ransomware “KeRanger”. At first look, it would appear that the website may have been compromised and the attackers uploaded the malicious version to replace the legitimate, open source version. For our readers that may not be familiar with bitorrent, it is a peer-to-peer file sharing protocol for sharing files and large amounts of data. BitTorrent clients have legitimate and illegitimate purposes. Wikipedia has an animated GIF to demonstrate this concept. This ransomware was signed with a valid Apple developer certificate, which is troubling and is believed to have been stolen. Apple has since revoked this certificate, so if you attempt to open the Transmission app it will warn you. You should Trash the .app

Read more

March 7, 2016

No Comments

Phishing Scheme Targeting Payroll and HR Professionals

On Tuesday, March 1st The IRS issued a warning (IR-2016-34) related to an email phishing scheme targeting payroll and human resource professionals. This phishing scheme purports to be from a company executive and requests personal information on employees.

The following are some details outlined in the IRS release:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
Read more

February 22, 2016

No Comments

Successful Physical Extraction of a Severely Damaged iPhone 4

Every now and then we get a phone into our lab that requires some extra care to successfully acquire a client’s data. The photo below is of a damaged iPhone 4. The owner of this iPhone was in a severe, auto accident last year and the phone was brought to our Evansville, Indiana office for forensic extraction and analysis.

Today, we were pleased to inform our client that our certified forensic examiners were able to successfully acquire all the data residing on this iPhone 4 using traditional (and even non-traditional) mobile device forensic techniques. Our client is now able to access photographs, personal information, and other data that they once thought they would never see again. Our client had stated that this iPhone’s data was irreplaceable and we are pleased that we were happy to create another raving fan who used our forensic services!Kemper Forensics iPhone 4 Recovery

Damaged iPhone 4

Damaged iPhone 4

Read more

December 15, 2015

No Comments

Phishing Email Leads to $750,000 OCR HIPAA Settlement

In a press release dated December 14, 2015 U.S. Department of Health and Human Services Office for Civil Rights announced a settlement with the University of Washington (UWM) for violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

In November of 2013, OCR initiated an investigation of the UWM following receipt of a breach report of approximately 90,000 individuals electronic protected health information (e-PHI) was accessed after an employee opened an email attachment that contained malware. The malware compromised the organization’s IT infrastructure stealing patient information, such as names, date of births, social security numbers, medical record numbers, billing information, etc.

Read more

December 1, 2015

No Comments

VTech Data Breach: 5 million records, including Photos of Children

Yesterday, Hong Kong based toymaker VTech (VTech Holding Limited) announced a data  breach of approximately 5 million customer records and related kids profiles worldwide were affected by this data breach. VTech’s online portal more commonly known as Learning Lodge, allows parents to register accounts for themselves and their children. This allows parents to download apps and other VTech related electronic content. A hacker that has leaked the content of this data breach revealed he has no plans to do anything with the stolen data. So what type of information was stolen?

According to the FAQ page, in the United States alone 2,212,863 parent accounts and 2,894,091 child profile accounts were compromised.

Read more

November 30, 2015

1 Comment

Cyber Monday Consumer Tips

Here are a few tips to help make the most of Cyber Monday today:

  1. Shop reputable websites. First, ask yourself if you’ve done business with the website before? What are other users saying about the website? Be cautious with deals that just show up on Facebook, Twitter, and other social media sites. How many Facebook/Twitter followers does the account have and when was the social media account registered? Prior to entering your credit card and payment information, make sure you are on a secure website (https://). Check the status browser in your browser to make sure the padlock icon is locked, which ensures your connection to the website is encrypted. DO NOT submit your credit card information or bank information over public Wi-Fi! Avoid paying via electronic check and a use a major credit card.
  2. Be alert for counterfeit product. Can you spot counterfeit merchandise? Does it sound too good to be true? Then it probably is and you should avoid these products. A $50 iPad, or other reputable brand name products that are being sold very cheap should be a red flag. DHS’ ICE (Immigration, Customs, and Enforcement) shared this short video via Twitter about counterfeit merchandise this past week. Department of Homeland Security also shared this news release.
Read more

November 11, 2015

No Comments

CyberFetch Spotlight Interview

In September, our Digital Forensic Examiner Lead Brad Garnett was interviewed by CyberFetch. CyberFetch is a Dept of Homeland Security Science and Technology Directorate that spotlights interesting people in the cyber forensics community. You can read the interview here: https://www.cyberfetch.org/groups/brad-garnett

 

Read more